#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

The Hacker News | #1 Trusted Cybersecurity News Site — Index Page

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation

May 14, 2024 Vulnerability / Zero Day
Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. The high-severity vulnerability, tracked as  CVE-2024-4761 , is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. It was reported anonymously on May 9, 2024. Out-of-bounds write bugs  could be typically exploited by malicious actors to corrupt data, or induce a crash or execute arbitrary code on compromised hosts. "Google is aware that an exploit for CVE-2024-4761 exists in the wild," the tech giant  said . Additional details about the nature of the attacks have been withheld to prevent more threat actors from weaponizing the flaw. The disclosure comes merely days after the company patched  CVE-2024-4671 , a use-after-free vulnerability in the Visuals component that has also been exploited in real-world attacks. With the latest fix, Google has addressed a total of six zero-days since the sta
Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code

Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code

May 14, 2024 Network Monitoring / Vulnerability
The maintainers of the  Cacti  open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code. The most severe of the vulnerabilities are listed below - CVE-2024-25641  (CVSS score: 9.1) - An arbitrary file write vulnerability in the "Package Import" feature that allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server, resulting in remote code execution CVE-2024-29895  (CVSS score: 10.0) - A command injection vulnerability allows any unauthenticated user to execute arbitrary command on the server when the " register_argc_argv " option of PHP is On Also addressed by Cacti are two other high-severity flaws that could lead to code execution via SQL injection and file inclusion - CVE-2024-31445  (CVSS score: 8.8) - An SQL injection vulnerability in api_automation.php that
6 Mistakes Organizations Make When Deploying Advanced Authentication

6 Mistakes Organizations Make When Deploying Advanced Authentication

May 14, 2024 Cyber Threat / Machine Learning
Deploying advanced authentication measures is key to helping organizations address their weakest cybersecurity link: their human users. Having some form of 2-factor authentication in place is a great start, but many organizations may not yet be in that spot or have the needed level of authentication sophistication to adequately safeguard organizational data. When deploying advanced authentication measures, organizations can make mistakes, and it is crucial to be aware of these potential pitfalls.  1. Failing to conduct a risk assessment A comprehensive risk assessment is a vital first step to any authentication implementation. An organization leaves itself open to risk if it fails to assess current threats and vulnerabilities, systems and processes or needed level of protections required for different applications and data.  Not all applications demand the same levels of security. For example, an application that handles sensitive customer information or financials may require stro
cyber security

Protecting Your Organization From Insider Threats - All You Need to Know

websiteWing SecuritySaaS Security
Get practical insights and strategies to manage inadequate offboarding and insider risks effectively.
What's the Right EDR for You?

What's the Right EDR for You?

May 10, 2024Endpoint Security / Threat Detection
A guide to finding the right endpoint detection and response (EDR) solution for your business' unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as the frontlines of defense, the battleground has shifted to endpoints. This is why endpoint detection and response (EDR) solutions now serve as critical weapons in the fight, empowering you and your organization to detect known and unknown threats, respond to them quickly, and extend the cybersecurity fight across all phases of an attack.  With the growing need to defend your devices from today's cyber threats, however, choosing the right EDR solution can be a daunting task. There are so many options and features to choose from, and not all EDR solutions are made with everyday businesses and IT teams in mind. So how do you pick the best solution for your needs? Why EDR Is a Must Because of
Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls

Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls

May 14, 2024 Email Security / Malware
Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for follow-on exploitation. "The incident involves a threat actor overwhelming a user's email with junk and calling the user, offering assistance," Rapid7 researchers Tyler McGraw, Thomas Elkins, and Evan McCann  said . "The threat actor prompts impacted users to download remote monitoring and management software like AnyDesk or utilize Microsoft's built-in Quick Assist feature in order to establish a remote connection." The novel campaign is said to be underway since late April 2024, with the emails primarily consisting of newsletter sign-up confirmation messages from legitimate organizations and done so with an aim to overwhelm email protection solutions. The impacted users are then approached over phone calls by masquerading as the company's IT team, tricking the
Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices

Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices

May 14, 2024 Location Tracking / Privacy
Apple and Google on Monday officially announced the rollout of a new feature that notifies users across both iOS and Android if a Bluetooth tracking device is being used to stealthily keep tabs on them without their knowledge or consent. "This will help mitigate the misuse of devices designed to help keep track of belongings," the companies said in a joint statement, adding it aims to address "potential risks to user privacy and safety." The proposal for a cross-platform solution was  originally unveiled  exactly a year ago by the two tech giants. The capability – dubbed " Detecting Unwanted Location Trackers " (DULT) – is available in Android devices running versions 6.0 and later, and iOS devices with iOS 17.5, which was officially shipped yesterday. As part of the industry specification, Android users will  receive  a "Tracker traveling with you" alert if an unidentified Bluetooth tracking device is detected as moving along with them over
MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices

MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices

May 13, 2024
The MITRE Corporation has officially made available a new threat-modeling framework called  EMB3D  for makers of embedded devices used in critical infrastructure environments. "The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of these threats with the security mechanisms required to mitigate them," the non-profit said in a post announcing the move. A draft version of the model, which has been conceived in collaboration with Niyo 'Little Thunder' Pearson, Red Balloon Security, and Narf Industries, was  previously released  on December 13, 2023. EMB3D, like the  ATT&CK framework , is expected to be a "living framework," with new and mitigations added and updated over time as new actors, vulnerabilities, and attack vectors emerge, but with a specific focus on embedded devices. The ultimate goal is to provide device vendors with a unified picture of different vulnerabilities in
The 2024 Browser Security Report Uncovers How Every Web Session Could be a Security Minefield

The 2024 Browser Security Report Uncovers How Every Web Session Could be a Security Minefield

May 13, 2024 Browser Security / Data Protection
With the browser becoming the most prevalent workspace in the enterprise, it is also turning into a popular attack vector for cyber attackers. From account takeovers to malicious extensions to phishing attacks, the browser is a means for stealing sensitive data and accessing organizational systems. Security leaders who are planning their security architecture require data and insights into the browser threat landscape. Recently, LayerX released the " Annual Browser Security Report 2024 ", providing an in-depth analysis of the evolving threat landscape for browser security.  This comprehensive report highlights the critical vulnerabilities and attack vectors that pose the greatest risks to enterprise security. It allows decision-makers and stakeholders to benchmark the security challenges of their environment so they can make actionable decisions. Below, we detail key findings from the report and a summarized list of security recommendations. We urge you to read the entire  report ,
SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike

SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike

May 13, 2024 Threat Detection / SoC / SIEM
In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time on manual tasks. The Impact of Alert Fatigue and False Positives  Analysts are overwhelmed with alerts. The knock-on effect of this is that fatigued analysts are at risk of missing key details in incidents, and often conduct time-consuming triaging tasks manually only to end up copying and pasting a generic closing comment into a false positive alert.  It is likely that there will always be false positives. And many would argue that a false positive is better than a false negative. But for proactive actions to be made, we must move closer to the heart of an incident. That requires diving into how analysts conduct the triage and investigation process. SHQ Response Platfo
Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries

Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries

May 13, 2024 Vulnerability / IoT Security
Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution. "These vulnerabilities include critical flaws that permit remote code execution and unauthorized privilege escalation, posing substantial risks to integral communication networks and IoT devices foundational to industrial, healthcare, automotive, financial and telecommunications sectors," Kaspersky  said . Cinterion modems were originally developed by Gemalto before the business was  acquired  by Telit from Thales as part of a deal announced in July 2022. The findings were  presented  at the OffensiveCon held in Berlin on May 11. The list of eight flaws is as follows - CVE-2023-47610  (CVSS score: 8.1) - A buffer overflow vulnerability that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted S
Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia

Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia

May 13, 2024 Ransomware / Endpoint Security
The Black Basta ransomware-as-a-service (RaaS) operation has targeted more than 500 private industry and critical infrastructure entities in North America, Europe, and Australia since its emergence in April 2022. In a joint advisory published by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), the agencies said the threat actors encrypted and stole data from at least 12 out of 16 critical infrastructure sectors. "Black Basta affiliates use common initial access techniques — such as phishing and exploiting known vulnerabilities — and then employ a double-extortion model, both encrypting systems and exfiltrating data," the bulletin  read . Unlike other ransomware groups, the ransom notes dropped at the end of the attack do not contain an initial ransom demand or payment instructions. Rather, the note
Cybersecurity
Expert Insights
Cybersecurity Resources